Text Filtering and Ranking for Security Bug Report Prediction

Peters, Fayola; Tun, Thein; Yu, Yijun and Nuseibeh, Bashar (2018). Text Filtering and Ranking for Security Bug Report Prediction. IEEE Transactions on Software Engineering (Early Access).

Full text available as: PDF (Accepted Manuscript)
DOI (Digital Object Identifier): https://doi.org/10.1109/TSE.2017.2787653

Abstract

Security bug reports can describe security-critical vulnerabilities in software products. Bug tracking systems may contain thousands of bug reports, where relatively few of them are security related. Therefore, finding unlabelled security bugs among them can be challenging. To help security engineers identify these reports quickly and accurately, text-based prediction models have been proposed. These can often mislabel security bug reports for a number of reasons, such as class imbalance, where the ratio of non-security to security bug reports is very high. More critically, we have observed that the presence of security-related keywords in both security and non-security bug reports can lead to the mislabelling of security bug reports. This paper proposes FARSEC, a framework for filtering and ranking bug reports for reducing the presence of security-related keywords. Before building prediction models, our framework identifies and removes non-security bug reports with security-related keywords. We demonstrate that FARSEC improves the performance of text-based prediction models for security bug reports in 90% of cases. Specifically, we evaluate it with 45,940 bug reports from Chromium and four Apache projects. With our framework, we mitigate the class imbalance issue and reduce the number of mislabelled security bug reports by 38%.

Item Type: Journal Item
Copyright Holders: 2017 IEEE
ISSN: 0098-5589
Project Funding Details:
Funded Project Name: Adaptive Security And Privacy (XC-11-004-BN)
Project ID: 291652
Funding Body: EC (European Commission): FP (inc. Horizon2020, ERC schemes)
Keywords: security cross words; security related keywords; security bug reports; text filtering; ranking; prediction models; transfer learning
Academic Unit/School: Faculty of Science, Technology, Engineering and Mathematics (STEM) > Computing and Communications; Faculty of Science, Technology, Engineering and Mathematics (STEM)
Item ID: 53059
Depositing User: Thein Tun
Date Deposited: 06 Feb 2018 09:54
Last Modified: 06 Feb 2018 09:54
URI: http://oro.open.ac.uk/id/eprint/53059